cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Andrew_Callan
Explorer
Member since: ‎06-12-2019
‎08-03-2020
Community Statistics
Posts 9
Solutions 0
Karma Given 1
Karma Received 2
Member Since ‎06-12-2019
Activity Feed
View All

Re: SSL configuration causing Mongo issues

by in Deployment Architecture
‎01-07-2020 10:46 AM
1 Karma
‎01-07-2020 10:46 AM
1 Karma
@jsmithn has it right, this is what I had to do to fix it also. ... View more

Re: SSL configuration causing Mongo issues

by in Deployment Architecture
‎12-12-2019 06:18 PM
‎12-12-2019 06:18 PM
Are you running this on a STIG-ed machine by any chance? ... View more

Re: SmartStore producing Cert errors with sslVerif...

by in Security
‎06-16-2019 09:40 PM
‎06-16-2019 09:40 PM
I had done a btool with debug before posting, the false setting for verifying the cert was being read from my indexes.conf file in the app configuring smartstore. I'm not sure if there's just something peculiar about the s3 endpoint I'm using. ... View more

Re: SmartStore producing Cert errors with sslVerif...

by in Security
‎06-14-2019 08:20 AM
‎06-14-2019 08:20 AM
Confirmed the same error exists on 7.2.6 while the command you gave me to run also returns the 0 return code. ... View more

Re: SmartStore producing Cert errors with sslVerif...

by in Security
‎06-14-2019 07:14 AM
‎06-14-2019 07:14 AM
It'll take some setting up but I can try this in 7.2. ... View more

Re: SmartStore producing Cert errors with sslVerif...

by in Security
‎06-14-2019 06:44 AM
‎06-14-2019 06:44 AM
With the https:// scheme specified I get getservbyname failure for //s3-sg.domain.net:8082 usage: s_client args When not using the scheme at all I get a connection displaying the following and a prompt SSL handshake has read 3915 bytes and written 444 bytes New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-GCM-SHA384 Session-ID: Session-ID-ctx: Master-Key: Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None Start Time: 1560519821 Timeout : 300 (sec) Verify return code: 0 (ok) ... View more

Re: SmartStore producing Cert errors with sslVerif...

by in Security
‎06-14-2019 06:24 AM
‎06-14-2019 06:24 AM
Thanks for the answer! Since posting I've tried a few other configs, turns out that the default cert used on the on prem s3 store was totally bogus, it had a number in it for the CN and there were no Alt Names. I've given it a proper certificate using our CA and installed the root CA using the following parameter: remote.s3.sslRootCAPath = /opt/splunk/etc/certs/root_cert.pem The cert has 400 permissions and is owned by Splunk. I've restarted with this parameter specified and with the remote.s3.sslVerifyServerCert parameter set to both true and false, still getting the unknown CA error however. I will admit however that I'm not massively experienced with using custom certs in Splunk. ... View more

Re: SmartStore producing Cert errors with sslVerif...

by in Security
‎06-14-2019 05:56 AM
‎06-14-2019 05:56 AM
It may help to mention this is on version 7.3.0 ... View more

SmartStore producing Cert errors with sslVerifySer...

by in Security
‎06-12-2019 09:05 AM
‎06-12-2019 09:05 AM
Hi all, I'm currently trying to setup a smartstore index using on-prem s3 compliant storage. The logs I'm seeing in _internal related to the s3Client component are as follows: statusCode=502 statusDescription="Error connecting: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca - please check the output of the `openssl verify` command for the certificates involved; note that if certificate verification is enabled (requireClientCert or sslVerifyServerCert set to "true"), the CA certificate and the server certificate should not have the same Common Name. My (slightly redacted) config for the bucket in indexes.conf is as follows: [volume:primary] path = /opt/splunk/var/lib/splunk maxVolumeDataSizeMB = 500000 [volume:remote_store] storageType = remote path = s3://splunk-smartstore/netapp-smartstore remote.s3.access_key = access key remote.s3.secret_key = secret key remote.s3.endpoint = https://s3-sgws.domain:8082 remote.s3.encryption = none remote.s3.sslVerifyServerCert = false [netapp_smartstore] homePath = volume:primary/netapp_smartstore/db coldPath = $SPLUNK_DB/netapp_smartstore/colddb thawedPath = $SPLUNK_DB/netapp_smartstore/thaweddb repFactor = auto remotePath = volume:remote_store/netapp_smartstore/colddb maxGlobalDataSizeMB = 1024 hotlist_recency_secs = 3600 hotlist_bloom_filter_recency_hours = 3600 frozenTimePeriodInSecs = 31536000 maxDataSize = auto I have successfully setup smartstore with an AWS bucket, the only differences being that using the public aws endpoints, their certs are set up and correct (we do not have that on site, just using default certs, so I'm not sure exactly which cert to check with the openssl verify command). That and I'd actually created the folders/path within the bucket before initiating smartstore whereas with the on prem version I thought that the folders would be created on instantiation. Not sure how this second difference would create any ssl errors though. I would have also thought the setting of remote.s3.sslVerifyServerCert = false would remove the chance of any cert errors. Anyone who's run into this and can offer any advice, it is most welcome. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎08-03-2020 07:37 AM
Karma from
View All
Karma given to
View All